Overview

overview

10

Static

static

1

dridex

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    bebd42347ffb13728ff375b40b9d9752f5f66ea7e27b53daa3ec6ecf0bc7324b

  • Size

    4.1MB

  • Sample

    230204-kv5a9sch97

  • MD5

    f77d27a82b832fb26c46c52633ab7467

  • SHA1

    4ab6476d985c57c6982273542c5e4a51ab110fb4

  • SHA256

    bebd42347ffb13728ff375b40b9d9752f5f66ea7e27b53daa3ec6ecf0bc7324b

  • SHA512

    1ed0591b86c2a68e77c4a012096e14d62344302dd58d7f2034718005a140797ba0173f6ce6ccd64f71765e7ea3d7232d7ebdc0645b99df7ebc94f7f414a1b4e1

  • SSDEEP

    98304:6naglCFcZHa/NtE1dYNUIFFBMEII15m4WNmsZngw3i:6nag0q2tEHSUIFFHgPngd

Score
10/10
gluptebadiscoverydropperevasionloaderpersistenceupx

Malware Config

Targets

    • Target

      bebd42347ffb13728ff375b40b9d9752f5f66ea7e27b53daa3ec6ecf0bc7324b

    • Size

      4.1MB

    • MD5

      f77d27a82b832fb26c46c52633ab7467

    • SHA1

      4ab6476d985c57c6982273542c5e4a51ab110fb4

    • SHA256

      bebd42347ffb13728ff375b40b9d9752f5f66ea7e27b53daa3ec6ecf0bc7324b

    • SHA512

      1ed0591b86c2a68e77c4a012096e14d62344302dd58d7f2034718005a140797ba0173f6ce6ccd64f71765e7ea3d7232d7ebdc0645b99df7ebc94f7f414a1b4e1

    • SSDEEP

      98304:6naglCFcZHa/NtE1dYNUIFFBMEII15m4WNmsZngw3i:6nag0q2tEHSUIFFHgPngd

    Score
    10/10
    gluptebadiscoverydropperevasionloaderpersistenceupx

    • Glupteba

      Glupteba is a modular loader written in Golang with various components.

      loaderdropperglupteba

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • Modifies Windows Firewall

      evasion

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Adds Run key to start application

      persistence

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery
    behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

1
T1053

Persistence

Modify Existing Service

1
T1031

Registry Run Keys / Startup Folder

1
T1060

Scheduled Task

1
T1053

Privilege Escalation

Scheduled Task

1
T1053

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Query Registry

1
T1012

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks